Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:5112
HistorySep 18, 2017 - 4:54 a.m.

Data Binding Expression Vulnerability

2017-09-1804:54:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4

0.002 Low

EPSS

Percentile

54.6%

JSON

spring-webflow is vulnerable to a data binding expression vulnerability. The vulnerability is caused when the MvcViewFactoryCreator useSpringBinding property is set to false by default. Therefore, applications which use the default settings are vulnerable to malicious EL expressions in view states. The view states that are vulnerable are ones which process form submissions that do not have a sub-element to declare explicit data binding property mappings.

Related

prion 1
cve 1
nvd 1
osv 2
nessus 2
cvelist 1
github 1
redhatcve 1
ibm 1
prion
prion
Design/Logic Flaw
2017-11-27 10:29:00
cve
cve
CVE-2017-8039
2017-11-27 10:29:00
nvd
nvd
CVE-2017-8039
2017-11-27 10:29:00
osv
osv
CVE-2017-8039
2017-11-27 10:29:00
Insecure Default Initialization of Resource in Pivotal Spring Web Flow
2022-05-13 01:47:15
nessus
nessus
RHEL 7 : spring-webflow (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : jasperreports-server-pro (Unpatched Vulnerability)
2024-06-03 00:00:00
cvelist
cvelist
CVE-2017-8039
2017-11-27 10:00:00
github
github
Insecure Default Initialization of Resource in Pivotal Spring Web Flow
2022-05-13 01:47:15
redhatcve
redhatcve
CVE-2017-8039
2017-09-22 08:49:30
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability
2018-09-28 04:30:01

0.002 Low

EPSS

Percentile

54.6%

JSON
Related for VERACODE:5112
prion1cve1nvd1osv2nessus2cvelist1github1redhatcve1ibm1